KOBIL eSecure for SAP® R/3® - IVORY - Authentication Solutions

Strong Authentication
Integrity
Confidentiality
Single Sign-On
KOBIL eSecure for SAP® R/3®
certified for SAP NetWeaver

Protect Your SAP Data and SAP Access – The Easy Way – Anytime – Anywhere
The Problem - Unprotected SAP-Data and -Access
Intranet encryption is frequently disregarded as inessential for corporate security, and
this even though in-house breaches should be considered the principal security risk
according to the German privacy watchdog, the Federal Authority for the Security of
Information Processing (BSI).
Are you using the standard software, SAP® R/3®, for managing essential
finance, customer and human resource data?
Does it bother you that SAP® R/3® by default propagates such data in
clear text through the network?
Did you know that an authentication method based on just user name
and password is easily compromised?
Isn’t it a hassle to have to sign in again each time you’re using a different
SAP system?
Does your company have employees who dial into your SAP system from
remote locations?
Does your user support spend major amounts of time with the recovery
of forgotten passwords?
Here is your Solution - KOBIL eSecure for SAP® R/3® (certified for SAP
NetWeaver)
In a standard SAP system, SAP® R/3® data is sent through the network in clear text.
Without any additional protection, this can easily lead to major security problems,
because there is no way to ensure the authenticity, integrity and confidentiality of
your data.
In the context of the changed legislation (key word: the German “Basel II”
requirements for banking supervision) and the tightened liability regime, many
internal auditors and chartered accountants are well aware of this security gap and
have called for the introduction of an appropriate security solution.
This is why SAP has integrated an interface (SNC) that is used whenever a third party
security product is deployed for just that purpose, that is, to set up a secure
connection between the individual SAP components (client, application server, router,
printer). To this end, all components need to be certified by a digital certificate.
Appropriate hardware includes soft tokens, smartcards or USB tokens (such as KOBIL
mIDentity).
In order to ensure the protection of sensitive corporate data, we offer you solutions
that preserve your secret key (representing the basis of your entire security) against
unauthorized access, always adjusted to the degree of security you need.

KOBIL eSecure for SAP® R/3® for safe SAP network connectivity offers exactly this kind of
protection.
It meets the following security features:
Authenticity:
Generating and replacing the session key ensures unique system access – anywhere,
anytime.
Confidentiality:
By using the session key, you encrypt your data traffic for unauthorized third parties, thus
protecting it effectively.
Integrity:
By using the session key (digital signature), you ensure that your data cannot be
manipulated on its way to the respective recipient.
Secure Single Sign-On:
Since many employees consider the repeated login to the various SAP systems as little
more than an routine nuisance, they tend to use passwords that are easy to memorize -
and easy to crack. When using KOBIL eSecure for SAP, all you need to have as a user
anymore is the password for your security token. Afterwards, you can directly access any
SAP system allocated to you.
Remote User
Remote User
1
2
3
4 5 6
7 8 9
C 0 F
Remote User
Terminal
Client
Phone line
Phone line
Internet
SNC
SNC
SSL
ITS-Server
Intranet
Remote-
Access-
Server
For more information on our products, please visit www.kobil.com
Router
SNC
SNC
SAP GUI
SAP GUI auf
Terminal Server
SNC
SNC
SNC
SNC
SAP LPD
R/3 Applikationsserver
RFC

KOBIL eSecure - Technical Details:
SAP-Server: (KOBIL eSecure for SAP® R/3® is available for the following platforms)
Linux
SUN Solaris 2.7 & 2.8 – 32 Bit (UltraSPARC) & 64 Bit (SPARCV9+)
Microsoft Windows 2003 Server 1
Microsoft Windows 2000 Server 1 / Advanced Server Service Pack 4
AIX platform coming soon (other platforms upon request)
SAP GUI Clients:
Microsoft Windows XP Service Pack 1
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 2003 Server (SAP GUI onTerminal Server)
Citrix MetaFrame XP FR2 & FR3 (SAP GUI on Terminal Server)
Business Warehouse Client
Certificates/Encryption:
X.509v3
168 Bit Triple DES (3DES)
1024 Bit RSA
Authentication Mechanisms:
via PKCS#11 (KOBIL Smart Key, KOBIL mIDentity)
via RADIUS OTP (KOBIL SecOVID)
via PKCS#12 (Soft-Token)
The Benefits of KOBIL eSecure for SAP® R/3® at a Glance:
High cost effectiveness
KOBIL offers KOBIL eSecure for SAP® R/3® as a bundle for the joint deployment together with soft
tokens at a very affordable value-for-money ratio (only through SecurIntegration GmbH). This
ensures a potential increase in value for your user authentication and for the protection of your
network resources.
Protection of investment
You can switch to the use of smartcards anytime: qualified signatures ensure a reduction of your
process costs by avoiding media breaks.
Unmatched flexibility
Bringing you the only option worldwide that uses both certificates and one-time passwords (OTPs)
for the protection of SAP systems, KOBIL offers you the highest degree of flexibility that money can
buy. Which makes you the one to define the specific type of access security for each employee.
Thus, you can even tie remote users effectively into your security infrastructure.
Low Costs of Ownership
The integrated solution portfolio – KOBIL being the only producer worldwide who develops and
manufactures both its software and hardware (required to meet the highest security standards) –
ensures a tested and time-proven interaction among all components involved, thus reducing the
integration costs and the operative overhead.
Easy deployment
Thanks to the integrated software allocation, you can install the client by running an automatic
setup. Regardless of whether you are using the Windows CA, KOBIL mIDmanager, or certificates by
third party providers: the certified solution allows for interoperability of the highest degree.
1 SAP-certified
KOBIL Systems GmbH Pfortenring 11 D-67547 Worms
phone +49 (0)6241-3004-0 fax: +49 (0)6241-3004-80
www.kobil.com